diff --git a/CHANGELOG b/CHANGELOG
index a14b89ca6..bc1ae6fd0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -21,6 +21,7 @@ CHANGELOG Roundcube Webmail
 - Managesieve: Fix parser issue with empty lines between comments (#5657)
 - Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
 - Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610)
+- Fix XSS issue in handling of a style tag inside of an svg element
 
 RELEASE 1.3-beta
 ----------------
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php
index 10f96c7b4..8f9a5cf50 100644
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@@ -494,6 +494,7 @@ class rcube_utils
 public static function xss_entity_decode($content)
 {
 $out = html_entity_decode(html_entity_decode($content));
+ $out = strip_tags($out);
 $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', array(self, 'xss_entity_decode_callback'), $out);
 $out = preg_replace('#/\*.*\*/#Ums', '', $out);